Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c23
-rw-r--r--src/libcharon/plugins/stroke/stroke_plugin.c1
-rw-r--r--src/libcharon/sa/authenticator.c10
-rw-r--r--src/libcharon/sa/authenticator.h10
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c9
5 files changed, 45 insertions, 8 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 83431d17c..0dc03ec16 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -1124,6 +1124,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
while (fetchline(src, &line))
{
chunk_t ids, token;
+ key_type_t key_type;
shared_key_type_t type;
line_nr++;
@@ -1222,10 +1223,22 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
DBG1(DBG_CFG, "line %d: missing token", line_nr);
break;
}
- if (match("RSA", &token) || match("ECDSA", &token))
+ if (match("RSA", &token) || match("ECDSA", &token) ||
+ match("BLISS", &token))
{
- if (!load_private(secrets, line, line_nr, prompt,
- match("RSA", &token) ? KEY_RSA : KEY_ECDSA))
+ if (match("RSA", &token))
+ {
+ key_type = KEY_RSA;
+ }
+ else if (match("ECDSA", &token))
+ {
+ key_type = KEY_ECDSA;
+ }
+ else
+ {
+ key_type = KEY_BLISS;
+ }
+ if (!load_private(secrets, line, line_nr, prompt, key_type))
{
break;
}
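Review bot: The new `key_type` variable is declared at loop-body scope in the first hunk (`key_type_t key_type;`) but is only assigned and read inside the RSA/ECDSA/BLISS branch of this hunk, so it could be declared inside that block to keep its scope as small as its use. The new chain also re-evaluates `match("RSA", &token)` and `match("ECDSA", &token)` that the outer condition already evaluated; if `match` has side effects on `token` this would matter, otherwise it is only a readability nit. A one-line comment on the chain, `/* token already matched one of RSA/ECDSA/BLISS above */`, would make the unconditional `else` branch (`key_type = KEY_BLISS`) obviously correct to a reader. The enclosing `load_secrets` continues outside the hunk.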
@@ -1256,8 +1269,8 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets,
}
else
{
- DBG1(DBG_CFG, "line %d: token must be either "
- "RSA, ECDSA, P12, PIN, PSK, EAP, XAUTH or NTLM", line_nr);
+ DBG1(DBG_CFG, "line %d: token must be either RSA, ECDSA, BLISS, "
+ "P12, PIN, PSK, EAP, XAUTH or NTLM", line_nr);
break;
}
}
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 31df1f99b..f64b99f08 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -69,6 +69,7 @@ METHOD(plugin_t, get_features, int,
PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
PLUGIN_SDEPEND(PRIVKEY, KEY_DSA),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_BLISS),
PLUGIN_SDEPEND(CERT_DECODE, CERT_ANY),
PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
PLUGIN_SDEPEND(CERT_DECODE, CERT_X509_CRL),
diff --git a/src/libcharon/sa/authenticator.c b/src/libcharon/sa/authenticator.c
index 8571274ac..a3d67ed7a 100644
--- a/src/libcharon/sa/authenticator.c
+++ b/src/libcharon/sa/authenticator.c
@@ -31,12 +31,15 @@ ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
"RSA signature",
"pre-shared key",
"DSS signature");
-ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_GSPM, AUTH_DSS,
+ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_NULL, AUTH_DSS,
"ECDSA-256 signature",
"ECDSA-384 signature",
"ECDSA-521 signature",
- "secure password method");
-ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_GSPM,
+ "secure password method",
+ "NULL authentication");
+ENUM_NEXT(auth_method_names, AUTH_BLISS, AUTH_BLISS, AUTH_NULL,
+ "BLISS signature");
+ENUM_NEXT(auth_method_names, AUTH_XAUTH_INIT_PSK, AUTH_HYBRID_RESP_RSA, AUTH_BLISS,
"XAuthInitPSK",
"XAuthRespPSK",
"XAuthInitRSA",
@@ -99,6 +102,7 @@ authenticator_t *authenticator_create_verifier(
case AUTH_ECDSA_256:
case AUTH_ECDSA_384:
case AUTH_ECDSA_521:
+ case AUTH_BLISS:
return (authenticator_t*)pubkey_authenticator_create_verifier(ike_sa,
sent_nonce, received_init, reserved);
case AUTH_PSK:
diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h
index 914f42d9d..aefb94294 100644
--- a/src/libcharon/sa/authenticator.h
+++ b/src/libcharon/sa/authenticator.h
@@ -80,6 +80,16 @@ enum auth_method_t {
AUTH_GSPM = 12,
/**
+ * NULL Authentication Method as specified in draft-ietf-ipsecme-ikev2-null-auth
+ */
+ AUTH_NULL = 13,
+
+ /**
+ * BLISS Authentication Method
+ */
+ AUTH_BLISS = 220,
+
+ /**
* IKEv1 initiator XAUTH with PSK, outside of IANA range
*/
AUTH_XAUTH_INIT_PSK = 256,
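Review bot: The doc comment on `AUTH_BLISS = 220` does not say where the value comes from, whereas the neighbouring `AUTH_NULL = 13` is traced to a draft. 220 is not an IANA-assigned code point; it falls in the Private Use range (201–255) of the IKEv2 Authentication Method registry, so a peer from another implementation could legitimately send 220 meaning something else, and the comment should say so for anyone debugging an interop failure. Suggested wording: `/** BLISS Authentication Method (private-use value 220, not IANA-assigned) */`. The enum continues outside the hunk.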
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 6fb14bc06..2188fb2e8 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -106,6 +106,11 @@ METHOD(authenticator_t, build, status_t,
return status;
}
break;
+ case KEY_BLISS:
+ /* we currently use SHA512 only */
+ scheme = SIGN_BLISS_WITH_SHA512;
+ auth_method = AUTH_BLISS;
+ break;
default:
DBG1(DBG_IKE, "private key of type %N not supported",
key_type_names, private->get_type(private));
@@ -170,6 +175,10 @@ METHOD(authenticator_t, process, status_t,
case AUTH_ECDSA_521:
scheme = SIGN_ECDSA_521;
break;
+ case AUTH_BLISS:
+ key_type = KEY_BLISS;
+ scheme = SIGN_BLISS_WITH_SHA512;
+ break;
default:
return INVALID_ARG;
}
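Review bot: In the `process` hunk the verifier fixes the hash to `SIGN_BLISS_WITH_SHA512` based solely on the peer-sent `AUTH_BLISS` method, and unlike the `build` hunk there is no comment explaining that this is a convention rather than something negotiated. Since the AUTH payload carries no hash identifier for this method, a note such as `/* AUTH_BLISS carries no hash identifier; SHA-512 is fixed by convention, mirroring build() */` would tell a maintainer that changing one side requires changing the other. The same applies to the `build` hunk's `/* we currently use SHA512 only */`, which could point at `process` for the same reason. Both `build` and `process` start outside their hunks.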